FUH, Ser. No. 10/611,460, GAU 2152, Examiner B. Whipple 

REPLY TO OFFICE ACTION 

REMARKS 

Claims 1, 2, 4, 12, 15, 16, 18, and 22 are amended. No claims have been canceled or 
added in this application. Claims 1-30 are now pending in the application. The amendments to 
the claims as indicated herein do not add any new matter to this application. Furthermore, 
amendments made to the claims as indicated herein have been made to exclusively improve 
readability and clarity of the claims and not for the purpose of overcoming alleged prior art. 
Each issue raised in the Office Action mailed April 10, 2007, is addressed hereinafter. 
I. ISSUES NOT RELATING TO PRIOR ART 

A. NONSTATUTORY DOUBLE-PATENTING — CLAIMS 1-7, 9-10, 13, 15-17, 
AND 19 

Claims 1-7, 9-10, 13, 15-17, and 19 were rejected on the ground of nonstatutory 
obviousness-type double patenting as being unpatentable over Claim 18 of U.S. Patent No. 
6,609,154 ('154). The rejection is traversed insofar as Claims 1-7, 9-10, 13, 15-17, and 19 do 
not correspond to Claim 18 of '154. A terminal disclaimer for the aforementioned claims is 
hereby submitted with this response to overcome the rejection, and reconsideration of the claims 
is respectfully requested. 

B. REJECTION UNDER 35 U.S.C. § 112 — CLAIMS 1-21 

Claims 1 and 15 were rejected under 35 U.S.C. § 112, second paragraph, as allegedly 
indefinite. Present Claims 1 and 15 have sufficient antecedent basis to overcome the rejection. 
Reconsideration is respectfully requested. 

Claim 2 was rejected under 35 U.S.C. § 112, second paragraph. Claim 2 has been 
amended in accordance with the Examiner's interpretation. Reconsideration is respectfully 
requested. 

Claims 3-4 were rejected under 35 U.S.C. § 112, second paragraph, as allegedly unclear 
as to whether "authentication cache" refers to physical caches or a plurality of logical caches. 
The rejection is respectfully traversed. The test for definiteness under 35 U.S.C. § 112, second 
paragraph, is whether "those skilled in the art would understand what is claimed when the claim 
is read in light of the specification." Orthokinetics, Inc. v. Safety Travel Chairs, Inc., 806 F.2d 
1565, 1576, 1 USPQ2d 1081, 1088 (Fed. Cir. 1986). If one skilled in the art is able to ascertain 
the meaning of the term "authentication cache" in light of the specification, 35 U.S.C. § 112, 
second paragraph, is satisfied. Breadth of a claim is not to be equated with indefiniteness. In re 
Miller, 441 F.2d 689, 169 USPQ 597 (CCPA 1971). As explained in the MPEP 2173.04, if the 
scope of the subject matter embraced by the claims is clear, and if applicants have not otherwise 
indicated that they intend the invention to be of a scope different from that defined in the claims, 
then the claims comply with 35 U.S.C. § 112, second paragraph. 

The claim language is supported by the specification. The specification states, "The 
firewall router 210 also includes any number of authentication caches 432, 434. . . . Each 
authentication cache may include a table of hashed entries of information such as a source IP 
address, a destination IP address, a source port value, a destination port value, and state 
information." (Paragraph [0063].) The meaning of "authentication cache" is clear and precise in 
light of the specification. A person of ordinary skill in the art would interpret the "authentication 
cache" to not be limited to either a physical or a logical embodiment. For the foregoing reasons, 
applicants respectfully traverse the rejection, and respectfully request reconsideration of the 
claims. 

Claim 4 was rejected under 35 U.S.C. § 112, second paragraph, for allegedly having a 
circular definition. The rejection is respectfully traversed. Claim 4 recites: "wherein the client 
authorization information comprises a plurality of authentication caches, . . . and wherein each 
authentication cache comprises information indicating whether the client is authorized to 
communicate with the network resource and information indicating what access privileges the 
client is authorized to have with respect to the network resource." Nowhere in the claim is a 
circular definition provided for the term "client authorization information." The claim clearly 
states that (1) the client authorization information comprises authentication caches, (2) each 
authentication cache comprises an indication of whether the client is authorized to communicate 
with that particular resource associated with the cache, and (3) each authentication cache 
comprises specific information regarding access privileges for the client. The claim, as 
characterized in the Office Action, is inaccurately paraphrased, and does not possess the defect 
of which it is accused. Based on the foregoing reasons, the rejection is traversed, and applicants 
respectfully request reconsideration of the claim. 

Claim 12 was rejected for allegedly failing to provide antecedent basis for a limitation in 
the claim. Present Claim 12 currently provides sufficient antecedent basis to comply with 
statutory requirements. Reconsideration is respectfully requested. 

Claim 16 contains substantially the subject matter that is similar to that of Claim 4. It is 
respectfully submitted that Claim 16 is patentable for at least the reasons given for Claim 4. 
Reconsideration is respectfully requested. 

Claim 18 was rejected for allegedly failing to provide antecedent basis for a limitation in 
the claim. Claim 18, as amended, currently provides sufficient antecedent basis to comply with 
statutory requirements. Reconsideration is respectfully requested. 

II. ISSUES RELATING TO PRIOR ART 

A. REJECTION UNDER 35 U.S.C. § 102(e)— CLAIMS 1, 5-9, 14-15, 17-18, 22- 
23, 25-27 

Claims 1, 5-9, 14-15, 17-18, 22-23, 25-27 were rejected under 35 U.S.C. § 102(e) as 
allegedly unpatentable over U.S. Patent No. 6,317,838 issued to Baize, et al. The rejection is 
respectfully traversed. 

Claim 1 recites: 

means for reconfiguring the network firewall routing device to 
permit the client to communicate with the network resource 
only when the client is authorized to communicate with the 
network resource based on the authorization information. 

Means-plus-function claims are to be given their broadest reasonable interpretation, in 
light of and consistent with the written description of the invention in the application. In light of 
the specification, the "means for reconfiguring" could comprise, for example, dynamically 
configuring certain access control lists that are maintained by interfaces of the firewall. 
(Specification, Paragraphs [0084] and [0085].) In other words, a certain part of the firewall is 
reconfigured. One possible benefit of reconfiguring a part of the network firewall routing device 
is that the configuration is maintained indefinitely until certain conditions are met, for example, a 
timeout or a specific modification by the system administrator. This allows the logical 
passageway to remain open even if the user and client encounters an inadvertent or transient 
disconnection. (Paragraph [0091].) Using this method, the session is not reset by the 
disconnection, and the firewall does not need to access the authentication server when the user or 
client re-establishes the connection. Because the authentication server may be separated from a 
firewall over a wide-area network, such elimination of unnecessary repeated access to the 
authentication server provides a significant advantage in authentication efficiency and speed. 
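
The behavior described in this paragraph can be illustrated with a short sketch. It is an added example, not code from the application or from any cited reference; the class names, addresses, profile data, and 600-second timeout are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class CacheEntry:            # one authentication-cache row
    authorized: bool
    privileges: frozenset
    last_seen: float

class AuthServer:
    """Stand-in for the remote authentication server; counts round trips."""
    def __init__(self, profiles):
        self.profiles, self.lookups = profiles, 0
    def authorize(self, user, resource):
        self.lookups += 1
        return frozenset(self.profiles.get(user, {}).get(resource, ()))

class Firewall:
    def __init__(self, auth, idle_timeout, clock):
        self.auth, self.idle_timeout, self.clock = auth, idle_timeout, clock
        self.cache = {}      # (client_ip, resource_ip) -> CacheEntry
        self.acl = set()     # dynamic permit entries on the interface

    def login(self, client_ip, user, resource_ip):
        privs = self.auth.authorize(user, resource_ip)
        key = (client_ip, resource_ip)
        self.cache[key] = CacheEntry(bool(privs), privs, self.clock())
        if privs:
            self.acl.add(key)            # reconfigure: open the passageway
        return bool(privs)

    def permit(self, client_ip, resource_ip):
        key, now = (client_ip, resource_ip), self.clock()
        entry = self.cache.get(key)
        if entry and now - entry.last_seen > self.idle_timeout:
            del self.cache[key]          # inactivity timeout: close it again
            self.acl.discard(key)
        if key not in self.acl:
            return False                 # default deny
        self.cache[key].last_seen = now
        return True

def demo():
    t = [0.0]                            # constructed fake clock
    auth = AuthServer({"alice": {"10.0.0.5": ["http"]}})   # constructed profile
    fw = Firewall(auth, idle_timeout=600, clock=lambda: t[0])
    fw.login("192.0.2.10", "alice", "10.0.0.5")
    t[0] = 30                            # client dropped and reconnected
    after_reconnect = (fw.permit("192.0.2.10", "10.0.0.5"), auth.lookups)
    t[0] = 30 + 601                      # idle past the timeout
    after_timeout = fw.permit("192.0.2.10", "10.0.0.5")
    unknown = fw.permit("192.0.2.99", "10.0.0.5")
    return after_reconnect, after_timeout, unknown
```

Because the permit entry in this sketch is keyed on addresses rather than on a live session, the idle timeout is the only bound on how long it outlives the authenticated user.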

Baize does not teach nor suggest this feature of Claim 1. Baize teaches that a "security 
profile" is fetched from a "security storing means," and the profile is used by the "centralized 
security means" within the firewall to authenticate a remote user. Baize teaches that its system 
of authenticating within a firewall can operate only "during the duration of said opened 
session," and "as long as the same session remains opened." (Col. 7, lns. 3, 17-18.) While 
the firewall of Baize fetches the operational user profile to provide resources with information 
regarding the user, nowhere is it taught in Baize to reconfigure any part of the firewall to 
permit communication between a client and a resource, as featured in Claim 1. Accordingly, 
because of such temporary nature of the authentication in Baize, Baize requires that the same 
session remains opened. This teaches against Claim 1, which allows disconnections to occur 
because the firewall of Claim 1 has been reconfigured to permit communication. 

Based on the foregoing, it is respectfully submitted that Claim 1 is patentable over Baize. 

Dependent Claim 14 recites: 

A system as recited in Claim 1, wherein the means for 
reconfiguring the network firewall routing device comprises 
means for creating and storing one or more commands to the 
network firewall routing device which, when executed by the 
network firewall routing device, result in modifying one or more 
routing interfaces of the network firewall routing device to 
permit communications between the client and the network 
resource. 

Baize does not disclose the features of Claim 14. Nothing in Baize states or suggests that 
a firewall is reconfigured by executing commands that are stored in the firewall, and that the 
commands modify routing interfaces of the firewall routing device. Thus, it is respectfully 
submitted that Claim 14 is patentable over Baize. 

Claims 5-9 are dependent claims, each of which depends (directly or indirectly) on Claim 
1. Each of Claims 5-9 is therefore allowable for at least the reasons given above with respect to 
Claim 1. In addition, each of Claims 5-9 introduces one or more additional features that 
independently render it patentable. Due to the fundamental differences already identified, to 
expedite the positive resolution of this case, a separate discussion of the features of Claims 5-9 is 
not included at this time. The Applicant reserves the right to further point out the differences 
between the cited art and the novel features recited in the dependent claims. 

Independent Claim 15 and Claim 22, as amended, include features similar to Claim 1. It 
is respectfully submitted that Claims 15 and 22 are patentable over Baize for at least the reasons 
given above with respect to Claim 1. Claims 17-18, 23, and 25-27 depend (directly or indirectly) 
on Claims 1, 15, and 22. Due to the fundamental differences already identified, to expedite the 
positive resolution of this case, a separate discussion of the features of Claims 15, 17-18, 22-23, 
and 25-27 is not included at this time. The Applicant reserves the right to further point out the 
differences between the cited art and the novel features recited in the claims. 

B. REJECTION UNDER 35 U.S.C. § 103(a) — CLAIMS 2-4, 12-13, 16, AND 19 

Claims 2-4, 12-13, 16, and 19 were rejected under 35 U.S.C. § 103(a) as allegedly 
unpatentable over Baize in view of U.S. Patent No. 6,170,012 issued to Coss et al. The 
rejections are respectfully traversed. 

Claims 2-4, which depend from Claim 1, all include features similar to "means in the network 
firewall routing device for caching client authorization information for each client that 
communicates with the network firewall routing device," wherein the client authorization 
information comprises information indicating whether the client is authorized to communicate 
with the network resource and information indicating what access privileges the client has with 
respect to the network resource, and wherein the client authorization information is created based 
in part on user profile information. 

The Office Action relies on "caching rule processing results for one or more packets, and 
then utilizing the cached results to bypass rule processing for subsequent similar packets," as 
disclosed in Coss, to teach "caching client authorization information for each client," as featured 
in Claim 2. (Col. 2, lns. 10-12.) This is incorrect. Coss caches the results of a previous 
packet's processing so as to avoid the need to apply the rule set to each incoming packet. In 
contrast, Claim 2 teaches caching, within the firewall, client authorization information, which is 
(1) information indicating whether the client is authorized to communicate with the network 
resource and (2) information indicating what access privileges the client has with respect to the 
network resource, as recited in independent Claim 1. Thus, the data that is cached 
in Coss differs from the data that is cached in Claim 2. Thus, Coss cannot possibly teach the 
caching of Claim 2, or the "authentication cache" of Claims 3 and 4. For the foregoing reasons, it 
is respectfully submitted that Claim 2, as well as related Claims 3 and 4, are patentable over 
Baize in view of Coss. 

Claims 12-13, 16, and 19 are dependent upon and thus include each and every feature of 
the corresponding independent claims previously discussed. Therefore, it is respectfully 
submitted that Claims 12-13, 16, and 19 are allowable for at least the reasons given above with 
respect to the corresponding independent claims previously discussed. Further, the Office 
Action relies on Coss to provide performing actions in response to an inactivity timer, and Coss 
does not "fill the gaps" of Baize. Therefore any combination of Baize and Coss cannot provide 
the complete combination of the subject matter that is recited in the present claims. For all these 
reasons, the present claims are patentable over Baize and Coss. 

Claims 10-11, 21, 24, and 28-30 were rejected under 35 U.S.C. § 103(a) as allegedly 
unpatentable over Baize in view of U.S. Patent No. 6,216,121 issued to Klassen et al. The 
rejections are respectfully traversed. 

Claims 10-11, 21, 24, and 28-30 are dependent upon and thus include each and every 
feature of the corresponding independent claims previously discussed. Therefore, it is 
respectfully submitted that Claims 10-11, 21, 24, and 28-30 are allowable for at least the reasons 
given above with respect to the corresponding independent claims previously discussed. Further, 
the Office Action relies on Klassen solely to provide sending a login form in HTML, and using a 
Web browser, and Klassen does not "fill the gaps" of Baize. Therefore any combination of Baize 
and Klassen cannot provide the complete combination of the subject matter that is recited in the 
present claims. For all these reasons, the present claims are patentable over Baize and Klassen. 

III. CONCLUSIONS 

For the reasons set forth above, all of the pending claims are now in condition for 
allowance. The Examiner is respectfully requested to contact the undersigned by telephone 
relating to any issue that would advance examination of the present application. 

No extension fee is believed to be due. However, to the extent necessary, Applicants 
petition for an extension of time under 37 C.F.R. § 1.136. The Commissioner is authorized to 
charge any fee that may be due in relation to this application to our Deposit Account No. 50-1302. 



Respectfully submitted, 